In the world of electronic commerce, there is a need for strong authentication in a way that makes it difficult for a third party to spoof what a user is doing. Currently, when people speak of “strong authentication,” they are normally talking about a situation in which it is necessary to have software or hardware, or both, or biometrics and the like, and every time the user wishes to perform a transaction, such as a payment, he or she must use the particular type of strong authentication.
It is possible to furnish all users a piece of hardware, such as a mini computer on a chip that can be carried in a user's pocket and which uses biometrics or the like, so that the user can communicate that he or she is the proper user. Therefore, in order for a third party to impersonate the user, it is necessary for the third party to steal the user's device and also have the same physical attributes as the user. Without that, the third party could not impersonate the user.
However, each user would have to buy such a device and carry it with him or her, and the device would have to interoperate with, for example, a personal computer (PC) or whatever other means the user wants to use to interact through his or her device. It would also be necessary for the device to be fast. At the moment, that would not be an easy thing to accomplish, although it could change over time as technology advances. These devices are quite costly and do not interface very easily with, for example, different PCs, Palm Pilots, and Internet phones. Not only are such devices expensive, but performance penalties, such as time delays, are also typically involved in getting the devices to work properly.
Today, a dilemma regarding authentication over the web involves a desire for authentication stronger than a password, which can be guessed or stolen. Such stronger authentication is enabled by authentication technology such as biometrics, digital signatures and signature engines stored in hardware tokens, and the use of more than one shared secret. However, these solutions require one or more of the following: downloading and installing large and complex software files, special hardware tokens and readers, memorizing seldom-used shared information, and dealing with difficult issues surrounding items being lost, stolen or revoked.